Описание
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.)
Ссылки
- ExploitPatchThird Party Advisory
- Third Party Advisory
- ExploitPatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.15 (исключая)
cpe:2.3:a:webrtc_project:webrtc:*:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.001
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 5.3
github
больше 4 лет назад
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
EPSS
Процентиль: 28%
0.001
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863